diff options
Diffstat (limited to 'src/ejabberd.cfg.example')
| -rw-r--r-- | src/ejabberd.cfg.example | 609 |
1 files changed, 0 insertions, 609 deletions
diff --git a/src/ejabberd.cfg.example b/src/ejabberd.cfg.example deleted file mode 100644 index d1d68feac..000000000 --- a/src/ejabberd.cfg.example +++ /dev/null @@ -1,609 +0,0 @@ -%%% -%%% ejabberd configuration file -%%% -%%%' - -%%% The parameters used in this configuration file are explained in more detail -%%% in the ejabberd Installation and Operation Guide. -%%% Please consult the Guide in case of doubts, it is included with -%%% your copy of ejabberd, and is also available online at -%%% http://www.process-one.net/en/ejabberd/docs/ - -%%% This configuration file contains Erlang terms. -%%% In case you want to understand the syntax, here are the concepts: -%%% -%%% - The character to comment a line is % -%%% -%%% - Each term ends in a dot, for example: -%%% override_global. -%%% -%%% - A tuple has a fixed definition, its elements are -%%% enclosed in {}, and separated with commas: -%%% {loglevel, 4}. -%%% -%%% - A list can have as many elements as you want, -%%% and is enclosed in [], for example: -%%% [http_poll, web_admin, tls] -%%% -%%% - A keyword of ejabberd is a word in lowercase. -%%% Strings are enclosed in "" and can contain spaces, dots, ... -%%% {language, "en"}. -%%% {ldap_rootdn, "dc=example,dc=com"}. -%%% -%%% - This term includes a tuple, a keyword, a list, and two strings: -%%% {hosts, ["jabber.example.net", "im.example.com"]}. -%%% - - -%%%. ======================= -%%%' OVERRIDE STORED OPTIONS - -%% -%% Override the old values stored in the database. -%% - -%% -%% Override global options (shared by all ejabberd nodes in a cluster). -%% -%%override_global. - -%% -%% Override local options (specific for this particular ejabberd node). -%% -%%override_local. - -%% -%% Remove the Access Control Lists before new ones are added. -%% -%%override_acls. - - -%%%. ========= -%%%' DEBUGGING - -%% -%% loglevel: Verbosity of log files generated by ejabberd. -%% 0: No ejabberd log at all (not recommended) -%% 1: Critical -%% 2: Error -%% 3: Warning -%% 4: Info -%% 5: Debug -%% -{loglevel, 4}. - -%% -%% watchdog_admins: Only useful for developers: if an ejabberd process -%% consumes a lot of memory, send live notifications to these XMPP -%% accounts. -%% -%%{watchdog_admins, ["bob@example.com"]}. - - -%%%. ================ -%%%' SERVED HOSTNAMES - -%% -%% hosts: Domains served by ejabberd. -%% You can define one or several, for example: -%% {hosts, ["example.net", "example.com", "example.org"]}. -%% -{hosts, ["localhost"]}. - -%% -%% route_subdomains: Delegate subdomains to other XMPP servers. -%% For example, if this ejabberd serves example.org and you want -%% to allow communication with an XMPP server called im.example.org. -%% -%%{route_subdomains, s2s}. - - -%%%. =============== -%%%' LISTENING PORTS - -%% -%% listen: The ports ejabberd will listen on, which service each is handled -%% by and what options to start it with. -%% -{listen, - [ - - {5222, ejabberd_c2s, [ - - %% - %% If TLS is compiled in and you installed a SSL - %% certificate, specify the full path to the - %% file and uncomment this line: - %% - %%{certfile, "/path/to/ssl.pem"}, starttls, - - {access, c2s}, - {shaper, c2s_shaper}, - {max_stanza_size, 65536} - ]}, - - %% - %% To enable the old SSL connection method on port 5223: - %% - %%{5223, ejabberd_c2s, [ - %% {access, c2s}, - %% {shaper, c2s_shaper}, - %% {certfile, "/path/to/ssl.pem"}, tls, - %% {max_stanza_size, 65536} - %% ]}, - - {5269, ejabberd_s2s_in, [ - {shaper, s2s_shaper}, - {max_stanza_size, 131072} - ]}, - - %% - %% ejabberd_service: Interact with external components (transports, ...) - %% - %%{8888, ejabberd_service, [ - %% {access, all}, - %% {shaper_rule, fast}, - %% {hosts, ["icq.example.org", "sms.example.org"], - %% [{password, "secret"}] - %% } - %% ]}, - - %% - %% ejabberd_stun: Handles STUN Binding requests - %% - %%{{3478, udp}, ejabberd_stun, []}, - - {5280, ejabberd_http, [ - %%{request_handlers, - %% [ - %% {["pub", "archive"], mod_http_fileserver} - %% ]}, - captcha, - http_bind, - http_poll, - %%register, - web_admin - ]} - - ]}. - -%% -%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections. -%% Allowed values are: false optional required required_trusted -%% You must specify a certificate file. -%% -%%{s2s_use_starttls, optional}. - -%% -%% s2s_certfile: Specify a certificate file. -%% -%%{s2s_certfile, "/path/to/ssl.pem"}. - -%% -%% domain_certfile: Specify a different certificate for each served hostname. -%% -%%{domain_certfile, "example.org", "/path/to/example_org.pem"}. -%%{domain_certfile, "example.com", "/path/to/example_com.pem"}. - -%% -%% S2S whitelist or blacklist -%% -%% Default s2s policy for undefined hosts. -%% -%%{s2s_default_policy, allow}. - -%% -%% Allow or deny communication with specific servers. -%% -%%{{s2s_host, "goodhost.org"}, allow}. -%%{{s2s_host, "badhost.org"}, deny}. - -%% -%% Outgoing S2S options -%% -%% Preferred address families (which to try first) and connect timeout -%% in milliseconds. -%% -%%{outgoing_s2s_options, [ipv4, ipv6], 10000}. - - -%%%. ============== -%%%' AUTHENTICATION - -%% -%% auth_method: Method used to authenticate the users. -%% The default method is the internal. -%% If you want to use a different method, -%% comment this line and enable the correct ones. -%% -{auth_method, internal}. -%% -%% Store the plain passwords or hashed for SCRAM: -%%{auth_password_format, plain}. -%%{auth_password_format, scram}. -%% -%% Define the FQDN if ejabberd doesn't detect it: -%%{fqdn, "server3.example.com"}. - -%% -%% Authentication using external script -%% Make sure the script is executable by ejabberd. -%% -%%{auth_method, external}. -%%{extauth_program, "/path/to/authentication/script"}. - -%% -%% Authentication using ODBC -%% Remember to setup a database in the next section. -%% -%%{auth_method, odbc}. - -%% -%% Authentication using PAM -%% -%%{auth_method, pam}. -%%{pam_service, "pamservicename"}. - -%% -%% Authentication using LDAP -%% -%%{auth_method, ldap}. -%% -%% List of LDAP servers: -%%{ldap_servers, ["localhost"]}. -%% -%% Encryption of connection to LDAP servers: -%%{ldap_encrypt, none}. -%%{ldap_encrypt, tls}. -%% -%% Port to connect to on LDAP servers: -%%{ldap_port, 389}. -%%{ldap_port, 636}. -%% -%% LDAP manager: -%%{ldap_rootdn, "dc=example,dc=com"}. -%% -%% Password of LDAP manager: -%%{ldap_password, "******"}. -%% -%% Search base of LDAP directory: -%%{ldap_base, "dc=example,dc=com"}. -%% -%% LDAP attribute that holds user ID: -%%{ldap_uids, [{"mail", "%u@mail.example.org"}]}. -%% -%% LDAP filter: -%%{ldap_filter, "(objectClass=shadowAccount)"}. - -%% -%% Anonymous login support: -%% auth_method: anonymous -%% anonymous_protocol: sasl_anon | login_anon | both -%% allow_multiple_connections: true | false -%% -%%{host_config, "public.example.org", [{auth_method, anonymous}, -%% {allow_multiple_connections, false}, -%% {anonymous_protocol, sasl_anon}]}. -%% -%% To use both anonymous and internal authentication: -%% -%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}. - - -%%%. ============== -%%%' DATABASE SETUP - -%% ejabberd by default uses the internal Mnesia database, -%% so you do not necessarily need this section. -%% This section provides configuration examples in case -%% you want to use other database backends. -%% Please consult the ejabberd Guide for details on database creation. - -%% -%% MySQL server: -%% -%%{odbc_server, {mysql, "server", "database", "username", "password"}}. -%% -%% If you want to specify the port: -%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}. - -%% -%% PostgreSQL server: -%% -%%{odbc_server, {pgsql, "server", "database", "username", "password"}}. -%% -%% If you want to specify the port: -%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}. -%% -%% If you use PostgreSQL, have a large database, and need a -%% faster but inexact replacement for "select count(*) from users" -%% -%%{pgsql_users_number_estimate, true}. - -%% -%% ODBC compatible or MSSQL server: -%% -%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}. - -%% -%% Number of connections to open to the database for each virtual host -%% -%%{odbc_pool_size, 10}. - -%% -%% Interval to make a dummy SQL request to keep the connections to the -%% database alive. Specify in seconds: for example 28800 means 8 hours -%% -%%{odbc_keepalive_interval, undefined}. - - -%%%. =============== -%%%' TRAFFIC SHAPERS - -%% -%% The "normal" shaper limits traffic speed to 1000 B/s -%% -{shaper, normal, {maxrate, 1000}}. - -%% -%% The "fast" shaper limits traffic speed to 50000 B/s -%% -{shaper, fast, {maxrate, 50000}}. - -%% -%% This option specifies the maximum number of elements in the queue -%% of the FSM. Refer to the documentation for details. -%% -{max_fsm_queue, 1000}. - - -%%%. ==================== -%%%' ACCESS CONTROL LISTS - -%% -%% The 'admin' ACL grants administrative privileges to XMPP accounts. -%% You can put here as many accounts as you want. -%% -%%{acl, admin, {user, "aleksey", "localhost"}}. -%%{acl, admin, {user, "ermine", "example.org"}}. - -%% -%% Blocked users -%% -%%{acl, blocked, {user, "baduser", "example.org"}}. -%%{acl, blocked, {user, "test"}}. - -%% -%% Local users: don't modify this line. -%% -{acl, local, {user_regexp, ""}}. - -%% -%% More examples of ACLs -%% -%%{acl, jabberorg, {server, "jabber.org"}}. -%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}. -%%{acl, test, {user_regexp, "^test"}}. -%%{acl, test, {user_glob, "test*"}}. - -%% -%% Define specific ACLs in a virtual host. -%% -%%{host_config, "localhost", -%% [ -%% {acl, admin, {user, "bob-local", "localhost"}} -%% ] -%%}. - - -%%%. ============ -%%%' ACCESS RULES - -%% Maximum number of simultaneous sessions allowed for a single user: -{access, max_user_sessions, [{10, all}]}. - -%% Maximum number of offline messages that users can have: -{access, max_user_offline_messages, [{5000, admin}, {100, all}]}. - -%% This rule allows access only for local users: -{access, local, [{allow, local}]}. - -%% Only non-blocked users can use c2s connections: -{access, c2s, [{deny, blocked}, - {allow, all}]}. - -%% For C2S connections, all users except admins use the "normal" shaper -{access, c2s_shaper, [{none, admin}, - {normal, all}]}. - -%% All S2S connections use the "fast" shaper -{access, s2s_shaper, [{fast, all}]}. - -%% Only admins can send announcement messages: -{access, announce, [{allow, admin}]}. - -%% Only admins can use the configuration interface: -{access, configure, [{allow, admin}]}. - -%% Admins of this server are also admins of the MUC service: -{access, muc_admin, [{allow, admin}]}. - -%% Only accounts of the local ejabberd server can create rooms: -{access, muc_create, [{allow, local}]}. - -%% All users are allowed to use the MUC service: -{access, muc, [{allow, all}]}. - -%% Only accounts on the local ejabberd server can create Pubsub nodes: -{access, pubsub_createnode, [{allow, local}]}. - -%% In-band registration allows registration of any possible username. -%% To disable in-band registration, replace 'allow' with 'deny'. -{access, register, [{allow, all}]}. - -%% By default the frequency of account registrations from the same IP -%% is limited to 1 account every 10 minutes. To disable, specify: infinity -%%{registration_timeout, 600}. - -%% -%% Define specific Access Rules in a virtual host. -%% -%%{host_config, "localhost", -%% [ -%% {access, c2s, [{allow, admin}, {deny, all}]}, -%% {access, register, [{deny, all}]} -%% ] -%%}. - - -%%%. ================ -%%%' DEFAULT LANGUAGE - -%% -%% language: Default language used for server messages. -%% -{language, "en"}. - -%% -%% Set a different default language in a virtual host. -%% -%%{host_config, "localhost", -%% [{language, "ru"}] -%%}. - - -%%%. ======= -%%%' CAPTCHA - -%% -%% Full path to a script that generates the image. -%% -%%{captcha_cmd, "/lib/ejabberd/priv/bin/captcha.sh"}. - -%% -%% Host for the URL and port where ejabberd listens for CAPTCHA requests. -%% -%%{captcha_host, "example.org:5280"}. - -%% -%% Limit CAPTCHA calls per minute for JID/IP to avoid DoS. -%% -%%{captcha_limit, 5}. - -%%%. ======= -%%%' MODULES - -%% -%% Modules enabled in all ejabberd virtual hosts. -%% -{modules, - [ - {mod_adhoc, []}, - {mod_announce, [{access, announce}]}, % recommends mod_adhoc - {mod_blocking,[]}, % requires mod_privacy - {mod_caps, []}, - {mod_configure,[]}, % requires mod_adhoc - {mod_disco, []}, - %%{mod_echo, [{host, "echo.localhost"}]}, - {mod_irc, []}, - {mod_http_bind, []}, - %%{mod_http_fileserver, [ - %% {docroot, "/var/www"}, - %% {accesslog, "/var/log/ejabberd/access.log"} - %% ]}, - {mod_last, []}, - {mod_muc, [ - %%{host, "conference.@HOST@"}, - {access, muc}, - {access_create, muc_create}, - {access_persistent, muc_create}, - {access_admin, muc_admin} - ]}, - %%{mod_muc_log,[]}, - {mod_offline, [{access_max_user_messages, max_user_offline_messages}]}, - {mod_ping, []}, - %%{mod_pres_counter,[{count, 5}, {interval, 60}]}, - {mod_privacy, []}, - {mod_private, []}, - %%{mod_proxy65,[]}, - {mod_pubsub, [ - {access_createnode, pubsub_createnode}, - {ignore_pep_from_offline, true}, % reduces resource comsumption, but XEP incompliant - %%{ignore_pep_from_offline, false}, % XEP compliant, but increases resource comsumption - {last_item_cache, false}, - {plugins, ["flat", "hometree", "pep"]} % pep requires mod_caps - ]}, - {mod_register, [ - %% - %% Protect In-Band account registrations with CAPTCHA. - %% - %%{captcha_protected, true}, - - %% - %% Set the minimum informational entropy for passwords. - %% - %%{password_strength, 32}, - - %% - %% After successful registration, the user receives - %% a message with this subject and body. - %% - {welcome_message, {"Welcome!", - "Hi.\nWelcome to this XMPP server."}}, - - %% - %% When a user registers, send a notification to - %% these XMPP accounts. - %% - %%{registration_watchers, ["admin1@example.org"]}, - - %% - %% Only clients in the server machine can register accounts - %% - {ip_access, [{allow, "127.0.0.0/8"}, - {deny, "0.0.0.0/0"}]}, - - %% - %% Local c2s or remote s2s users cannot register accounts - %% - %%{access_from, deny}, - - {access, register} - ]}, - %%{mod_register_web, [ - %% - %% When a user registers, send a notification to - %% these XMPP accounts. - %% - %%{registration_watchers, ["admin1@example.org"]} - %% ]}, - {mod_roster, []}, - %%{mod_service_log,[]}, - {mod_shared_roster,[]}, - {mod_stats, []}, - {mod_time, []}, - {mod_vcard, []}, - {mod_version, []} - ]}. - -%% -%% Enable modules with custom options in a specific virtual host -%% -%%{host_config, "localhost", -%% [{{add, modules}, -%% [ -%% {mod_echo, [{host, "mirror.localhost"}]} -%% ] -%% } -%% ]}. - - -%%%. -%%%' - -%%% $Id$ - -%%% Local Variables: -%%% mode: erlang -%%% End: -%%% vim: set filetype=erlang tabstop=8 foldmarker=%%%',%%%. foldmethod=marker: |